Track Your Stolen Laptop (for Free) with Adeona

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there’s no need to rely on a single third party. What’s more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner’s choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop.

From the Adeona website:

Adeona is named after the Roman goddess of safe returns. This system is the result of recent academic research started at the University of Washington, with participants now also at the University of California San Diego and the University of California Davis. The foundations of the Adeona design — and an analysis of its security and privacy properties — are published in a research paper at the 2008 USENIX Security Symposium.

Best of all, Adeona is free, and has downloads available for Windows, Mac and Linux. As an added bonus, Mac Powerbook users can configure Adeona to work with the built-in iSight camera and freeware software isightcapture to take a photo of your laptop-mooking perp. Like your location information, these images are privacy-protected so that only the laptop owner (or an agent of the owner’s choosing) can access them.

About the author

snipe

I’m a tech geek/dev/infosec-nerd/scuba diver/blacksmith/sword-fighter/crime fighter/ENTP/warcrafter/activist. I run Grokability, Inc, and run several open source projects, including Snipe-IT Asset Management. Tweet at me @snipeyhead or read more…

Hi! My laptop was stolen, and I have not installed such software. Others have installed it, but their hard drive is wiped out before usage (many thieves do that). I think that if many help out, we could find a couple more stolen laptops. Have a look at hitthebutton.org for details.

I had 2 laptops stolen in my lifetime. Both recovered. Both times with the same Windows installation intact. First one was recovered in 3 days, stolen by a local drug user who still had it but was trying to re-sell it. Second one stolen by a big time burglar who was initially caught breaking into company offices all around town. The laptop was gone for 6 months.

See, I lost a laptop that was gone for 6 months… I still got it back with the same Windows 98 installation on it.

All I’m saying is like IP Sneak: I believe most thieves are drug users or generally just dumb people. Most of them don’t even know how to format a PC let alone try to install a new operating system.

Peter – no no, I totally get that. My point was that my entire office uses Mac, so IPSneak isn’t the right fit for us, specifically. I encourage our readers to check it out and see if it’s a good fit for them. Also, a side note, you have a typo on your homepage, under the Pricing header: “Not excactly” should be “Not exactly”

If you want to render wiping your drive useless, find a free area in your BIOS firmware, and fill it with instructions to check a particular block on your hard drive for a known value, nuking the entire computer if that fails (say, rewriting the partition table with random data). The bad news is that it won’t magically report itself stolen; the good news is that the crook may be sorry he wiped the drive, and if he bothered to make a backup, he might try restoring it, and if he’s stupid enough to boot the old system with the Internet connected to verify that everything works, your computer then has an opportunity to notify you.

BTW – Note that many recent motherboards have firmware with built-in TCP/IP (including things like DHCP), HTTP and filesystem implementations. It might be fun to take advantage of that functionality to allow the thief to boot with whatever he installed after wiping the drive, but during the boot process downloading and installing your favorite reverse shell or equivalent, and setting a timer to silently halt the system (making it look like a freeze) after some random interval if that fails. Figure, if he stole your laptop, it’s highly unlikely that he’ll never connect to the Internet using a router or some other type of always-on connection, and if he reboots just once while connected to one of them, you’ve now got your reverse shell installed.

Dave – thanks so much for this tip! I was just looking for something that does exactly that, specifically because our laptops at work contain server passwords and such. (Plus, I am a spiteful, spiteful bitch.. lol)

Eh, if your only worry is about server passwords and such, there’s a rather simple cure: Store all passwords that a particular laptop should have in an encrypted file, and tell the laptop owner the passphrase for the decryption key. A trivial suid script prevents the decrypted data from being swapped out to disk. Now, somebody steals your laptop and doesn’t get your passwords. For the particular problem you propose you don’t really need a low-level solution, and my solution wouldn’t really protect your passwords, anyway. Obviously, being a spiteful bitch, you could care less about that last sentence ;-P

Since BIOSes are all different and messing one up can brick your motherboard, it’s probably a better idea to disassemble your individual firmware than to dig up some tool that knows about a “similar” BIOS.
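The no-swap half of the approach described in the comment above, as an added example that is not part of the original thread or any commenter's code: a buffer for decrypted passwords that is pinned in RAM with `mlock()` and wiped before release. The names `secret_alloc`, `secret_free` and `memlock_limit_allows` are hypothetical, and the sample password is constructed; elevated privilege (the "suid" part) is only needed when `RLIMIT_MEMLOCK` is smaller than the buffer.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Page-aligned buffer intended to hold decrypted secrets (hypothetical helper). */
struct secret_buf {
    void  *ptr;    /* NULL if allocation failed */
    size_t len;    /* mapped length, rounded up to whole pages */
    int    locked; /* 1 if mlock() succeeded, 0 if the pages may still be swapped */
};

static size_t round_to_pages(size_t n) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (n + page - 1) / page * page;
}

/* Does the current RLIMIT_MEMLOCK allow locking n bytes without extra privilege? */
int memlock_limit_allows(size_t n) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) return 0;
    return rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur >= round_to_pages(n);
}

/* Map private anonymous pages and try to pin them in RAM. */
struct secret_buf secret_alloc(size_t n) {
    struct secret_buf b = { NULL, 0, 0 };
    size_t len = round_to_pages(n ? n : 1);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return b;
    b.ptr = p;
    b.len = len;
    b.locked = (mlock(p, len) == 0);   /* caller must check this flag */
#ifdef MADV_DONTDUMP
    madvise(p, len, MADV_DONTDUMP);    /* keep the pages out of core dumps */
#endif
    return b;
}

/* Volatile writes so the compiler cannot drop the wipe as a dead store. */
static void wipe(volatile unsigned char *p, size_t n) {
    while (n--) *p++ = 0;
}

/* Zero the secret, then unlock and unmap the pages. */
void secret_free(struct secret_buf *b) {
    if (b->ptr == NULL) return;
    wipe((volatile unsigned char *)b->ptr, b->len);
    if (b->locked) munlock(b->ptr, b->len);
    munmap(b->ptr, b->len);
    b->ptr = NULL;
    b->len = 0;
    b->locked = 0;
}

int main(void) {
    struct secret_buf b = secret_alloc(256);
    if (b.ptr == NULL) { perror("mmap"); return 1; }
    if (!b.locked)
        fprintf(stderr, "warning: mlock failed (limit ok: %d); secret may reach swap\n",
                memlock_limit_allows(256));
    /* Constructed sample; a real tool would decrypt the password file into b.ptr. */
    memcpy(b.ptr, "example-server-password", 24);
    printf("secret held in %zu locked=%d bytes-mapped buffer\n", b.len, b.locked);
    secret_free(&b);
    return 0;
}
```

Locking pages keeps them out of swap but not out of a hibernation image, which writes all of RAM to disk; a laptop holding such secrets also needs encrypted swap or hibernation disabled.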

It’s not my only worry, but it is a worry. We recently had someone’s laptop stolen at the office, and were just discussing different options. I personally lug mine back and forth to work, so they’d have to pry mine out of my cold, dead fingers – but some people leave theirs in the office overnight. It’s a Mac office, and I’ve been a pc/linux person for, oh, the past decade and a half, so I’m not sure what options are out there, but the topic of bricking the motherboard as soon as they catch a wifi or other ‘net connection came up. Obviously, it would have to be something pretty foolproof, lest someone brick their computer by accident…

Would be nice if there was an easy, third party service that would handle this type of thing. A company registers their laptops, and as soon as one is stolen, the company flags it as stolen. As soon as the perp goes online, blam, consequence A, B and C.

I guess if you have a fleet of identical laptops, it might pay to mass-produce a hacked firmware for that laptop, and apply it across the board. I’ve never worked at a company promoting conformity for more than a few months, so my experience in maintaining fleets of identical computers for any significant length of time is essentially limited to servers at the DC, which don’t tend to be stolen too often, and hence don’t really need any type of low-level boot-up protection as long as physical security isn’t implemented as if it were a joke.

Although it would obviously have to be a pretty well-trusted company. I can’t think of many that I’d give that ability off the top of my head. And perhaps it wouldn’t be geared at the expert level thief who could potentially log in via cli first, disabling any outside connections, checking for the presence of self-destruct software, etc.

The correct company to implement this type of thing should be the original firmware programmers. Since their code looks like chicken scratch anyway and we all trust it anyway, it’s not a big leap for them to add more chicken scratch that we’ll all be trusting anyway. Until then, buy a fleet of laptops that coreboot supports, and just hack coreboot to do what you want 🙂

BTW – Keep in mind that a slight modification of my original BIOS-based solution (namely, to brick the mobo rather than simply rewriting the partition table on a block failing verification) is immune against most expert level programmers, including virtually all thieves. The reason it’s unaffected by things like cli logins (including single-user mode) is that the BIOS bricks itself before the OS ever has the chance to boot. Even trying to boot from a floppy/cd/dvd/flashdrive/etc. is useless, since the BIOS bootup code will brick the mobo before the device is booted. The price you pay is that employees can’t touch the OS itself, because if they modify the wrong thing, they may change something in the “magic block” and nuke the whole box on their next reboot.

Our agency doesn’t promote conformity at all – we’re just interested in finding a solution that could be standardized and easily implemented as company policy. At $3k a shot, most of us work on laptops, so it’s a valid concern.

The doors were supposedly locked, but there’s no way to know exactly what happened. Seems weird that if the door was open, they’d only steal one laptop and not more. Operations guy has everyone using laptop locks now. *shrug*

> Our agency doesn’t promote conformity at all – we’re just interested in finding a
> solution that could be standardized and easily implemented as company policy.

Okay, I guess “promote” was the wrong word to use: “enforce” would’ve been a better term, in this case ;-P

> The doors were supposedly locked, but there’s no way to know exactly what happened.

You know, you can use cheapy webcams plus video compression software as a low-cost alternative to a security camera installation, if you’re not too worried about people smashing them to smithereens (an event which you can easily record by spending some of the money saved on another cheap webcam pointing at the first, and so on, forming a loop where each webcam is watched by at least one other one). Also, note that there are a number of electronic locks that can distinguish between different keycards (and a couple that can even send the data to a computer for analysis), making it fairly easy to figure out who didn’t lock the door on his way out, especially in conjunction with the video.

> Operations guy has everyone using laptop locks now. *shrug*

I guess that’ll work fine until somebody with a bolt cutter comes along. I’d rather film the guy and have the police hunt him down for me.

All great suggestions 🙂 We’re looking into options right now – this is the first time this has happened. The building and elevator require a keycard after 7PM, and there is a doorguy, but he leaves at 8PM I think – and they’re not religious about making people sign in. I want to say the operations guy asked to see the building’s video tape, but I don’t know whatever became of that. I have my hands full trying to convince them not to switch from Zimbra to Exchange.. lol

Why not also check out the IP Sneak service? It’s web based and a little better suited for companies and families wanting to track all of their PCs. IP Sneak is also free and uses a Windows service to report back IP addresses.

November last year a Canadian burglar was jailed and charged with possession of stolen goods worth approx. 5,000 $

LOL … see, the problem with a centralized proprietary service to manage your stolen laptop is that (a) as Snipe pointed out, you’re stuck with whatever the service supports, and without whatever it doesn’t, (b) as you yourself pointed out in your funny sig, you’re stuck with whatever features the service decides to add by user request, and without whatever features the service doesn’t feel like adding for whatever reason, (c) if the service goes out of business, so does your protection, and (d) if Microsoft injects SQL bugs into the servers powering the service, the thief might get away without having his new laptop locked down, and/or the service might shut down a non-stolen laptop in the middle of an important presentation, perhaps with some trademark blue screen of death or something, possibly as a result of bugginess in the closed-source application that the service required you to install with admin privileges on your laptop. I dunno, maybe Windows people have just gotten used to giving closed-source apps admin privileges and praying for the best; I’d be scared stiff to trust something without source even in my own user account, much less as root.

Hey, don’t get me wrong, I can understand why you’re promoting your own junk; you have a vested interest. (I promote my own junk for the same reason.) Just don’t be surprised when some of the obvious flaws are pointed out. (Snipe is a lot more diplomatic than I am, simply pointing out why your service doesn’t meet the basic requirements she pointed out in the first couple of sentences of her original blog post.)

Dave – haha – I think that’s the first time in my life the sentence “Snipe is a lot more diplomatic than I am” has ever been said. I’m not really known for my diplomacy 😀

But you touched on a key point that I forgot to address – one that is not necessarily a deal-breaker, but should at least be on one’s radar. Whenever the effectiveness of your security (and potentially, even the ability for your computer to function) relies solely with a third party, you have to be really, *really* comfortable with that service. As you pointed out, Dave, so many things could happen – from the innocent “company going out of business” outcome to something far more maligned. Either way, it SHOULD be carefully considered.

It might be fun to take advantage of that functionality to allow the thief to boot with whatever he installed after wiping the drive, but during the boot process downloading and installing your favorite reverse shell or equivalent, and setting a timer to silently halt the system after some random interval if that fails.
